network/salt/bind/named.conf

# Slaves rely on static IPv4 addrs over dn42. Do not contact them over
# their public addrs because our source addr is dynamic!
{% macro slaves() -%}
{%-  if pillar['bind']['slaves'] -%}
    allow-transfer {
{%-    for addr in pillar['bind']['slaves'] -%}
        {{ addr }};
{%-    endfor -%}
    };
    also-notify {
{%-    for addr in pillar['bind']['slaves'] -%}
        {{ addr }};
{%-    endfor -%}
    };
{%-  endif -%}
{%- endmacro %}

# root domain
{%- set domain = pillar['bind']['root-domain'] %}
zone "{{ domain }}" IN {
     type master;
     file "/etc/bind/{{ domain }}.zone";
     {{ slaves() }}
};

# net zones
{%- for net, subnet4 in pillar['subnets-inet'].items() %}
{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %}
zone "{{ domain }}" IN {
     type master;
     file "/etc/bind/{{ domain }}.zone";
     {{ slaves() }}
};
{%- endfor %}

# IPv4 reverse zones
{%- for domain in pillar['bind']['reverse-zones-inet'] %}
zone "{{ domain }}" IN {
     type master;
     file "/etc/bind/{{ domain }}.zone";
};
{%- endfor %}

# IPv6 reverse zones
{%- for domain in pillar['bind']['reverse-zones-inet6'] %}
zone "{{ domain }}" IN {
     type master;
     file "/etc/bind/{{ domain }}.zone";
};
{%- endfor %}


# DynDNS
{%- for name, conf in pillar['dyndns'].items() %}
key "{{ name }}" {
    algorithm hmac-sha256;
    secret "{{ conf['secret'] }}";
};
{%- endfor %}

# DynDNS zone
{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}
zone "{{ domain }}" IN {
     type master;
     file "/etc/bind/{{ domain }}.zone";
     {{ slaves() }}
     update-policy {
{%- for name, conf in pillar['dyndns'].items() %}
        grant {{ name }} name {{ name }}.{{ domain }} ANY;
{%- endfor %}
     };
};
bind: document named.conf 2017-03-12 03:12:52 +01:00			`# Slaves rely on static IPv4 addrs over dn42. Do not contact them over`
			`# their public addrs because our source addr is dynamic!`
bind: add explicity slaves 2017-01-23 22:23:56 +01:00			`{% macro slaves() -%}`
			`{%- if pillar['bind']['slaves'] -%}`
			`allow-transfer {`
			`{%- for addr in pillar['bind']['slaves'] -%}`
			`{{ addr }};`
			`{%- endfor -%}`
			`};`
			`also-notify {`
			`{%- for addr in pillar['bind']['slaves'] -%}`
			`{{ addr }};`
			`{%- endfor -%}`
			`};`
			`{%- endif -%}`
			`{%- endmacro %}`

bind: document named.conf 2017-03-12 03:12:52 +01:00			`# root domain`
bind: add root-domain in named.conf 2017-01-23 21:59:33 +01:00			`{%- set domain = pillar['bind']['root-domain'] %}`
			`zone "{{ domain }}" IN {`
			`type master;`
			`file "/etc/bind/{{ domain }}.zone";`
bind: add explicity slaves 2017-01-23 22:23:56 +01:00			`{{ slaves() }}`
bind: add root-domain in named.conf 2017-01-23 21:59:33 +01:00			`};`

bind: document named.conf 2017-03-12 03:12:52 +01:00			`# net zones`
dns 2017-01-13 03:57:09 +01:00			`{%- for net, subnet4 in pillar['subnets-inet'].items() %}`
			`{%- set domain = net ~ '.' ~ pillar['bind']['root-domain'] %}`
			`zone "{{ domain }}" IN {`
			`type master;`
			`file "/etc/bind/{{ domain }}.zone";`
bind: add explicity slaves 2017-01-23 22:23:56 +01:00			`{{ slaves() }}`
dns 2017-01-13 03:57:09 +01:00			`};`
			`{%- endfor %}`

bind: document named.conf 2017-03-12 03:12:52 +01:00			`# IPv4 reverse zones`
bind: merge reverse[46].zone 2017-01-14 00:13:35 +01:00			`{%- for domain in pillar['bind']['reverse-zones-inet'] %}`
dns 2017-01-13 03:57:09 +01:00			`zone "{{ domain }}" IN {`
			`type master;`
bind: merge reverse[46].zone 2017-01-14 00:13:35 +01:00			`file "/etc/bind/{{ domain }}.zone";`
dns 2017-01-13 03:57:09 +01:00			`};`
			`{%- endfor %}`

bind: implement dyndns 2017-03-12 03:16:48 +01:00			`# IPv6 reverse zones`
dns 2017-01-13 03:57:09 +01:00			`{%- for domain in pillar['bind']['reverse-zones-inet6'] %}`
			`zone "{{ domain }}" IN {`
			`type master;`
bind: merge reverse[46].zone 2017-01-14 00:13:35 +01:00			`file "/etc/bind/{{ domain }}.zone";`
dns 2017-01-13 03:57:09 +01:00			`};`
			`{%- endfor %}`
bind: implement dyndns 2017-03-12 03:16:48 +01:00

			`# DynDNS`
			`{%- for name, conf in pillar['dyndns'].items() %}`
			`key "{{ name }}" {`
			`algorithm hmac-sha256;`
			`secret "{{ conf['secret'] }}";`
			`};`
			`{%- endfor %}`

			`# DynDNS zone`
			`{%- set domain = 'dyn.' ~ pillar['bind']['root-domain'] %}`
			`zone "{{ domain }}" IN {`
			`type master;`
			`file "/etc/bind/{{ domain }}.zone";`
			`{{ slaves() }}`
			`update-policy {`
			`{%- for name, conf in pillar['dyndns'].items() %}`
			`grant {{ name }} name {{ name }}.{{ domain }} ANY;`
			`{%- endfor %}`
			`};`
			`};`